Security Tests

[JamesSalzer]

Security tests for MySQL Injection would be great.
I imagine it like this, a list in which the injection queries are entered.
In the Tests tab, a checkbox for the injection test.
When sending the route, all entries in the list are tried until the first one passes, this can then be displayed in the results tab.
If none went through "Security check = pass".

I only have slight concerns about the runtime,
if I have a collection with 30 or more routes and each one does the test, and the test list has 2oo or more entries, then I think it can take a while.

[rangav]

Hi @JamesSalzer
How you done similar tests in other API clients?

[JamesSalzer]

We have been testing ReadyAPI for 2 weeks, there are lots of tests, functional tests, speed tests, etc. One test category is Security Test in which there is Cross Site Script, MySQL Injection and then some other tests.
They are all useful but also quite lengthy, the routes are taken from the YAML definition and then tests can be defined, or you can let automatically create tests but after which must be improved. Now you can run tests in the category Security Tests either for this route or for the whole test suite (Collection), ReadyAPI has a list with countless MySQL Injection Queries which are now all tried. In a test with an unprotected route I stopped after 20 minutes and had more than 600 entries in the DB, so it would be appropriate that the execution stops when 1 query goes through, because the test is not passed.

[rangav]

Thanks for sharing details.
Trying to understand how this security test will work.

• You will post some script data to API endpoint that tries to perform some db operation.
• If it success, then security failed
• if it fails, then security pass?

Let me know if above steps are correct?

[JamesSalzer]

Yes, that's right, it might look a little more precise that way.

I was thinking of an expandable list in .json or csv format, located in the Thunder-tests folder, with each list item corresponding to a query.
During a security test, all list items are tried one by one instead of URL parameters.
For example: original URL = http ://localhost/user.php?userid=1
manipulated = http ://localhost/user.php?userid=(query to be tested).
If the manipulated URL is rejected by the server, test with the next query.
If the test is accepted by the server, abort with Test failed.

[rangav]

I think Run Collection suits your needs

steps

1. Create collection and request
2. Create a Test response code != 200
3. Create a env variable and use in body
4. Right Click on collection and select Run All
5. Now you input json or civ file for all the tests needed
6. The request will be executed for each input

Just posted sample steps above, you can try and let me if anything is not clear